Viewing a single comment thread. View all comments

kindrudekid t1_je5nx1s wrote

No they still offer the 2FA service.

Previously they offered it via SMS, TOTP based Authenticator Apps (Google Authenticator, Duo Security, Authy etc) and Security Keys (Yubikey)

SMS based 2FA is weak and been vulnerable for almost a decade now. NIST sent out an official notice back in 2016. Google and Apple phased it out completely too.

So Twitter just disabled the shitter, weaker, more vulnerable SMS based 2FA is not available. Not only is it bad from a InfoSec perspective, it is also a line item in capital expenses from a business perspective.

I do agree that the phrasing from twitter was shitty and instead of asking users to fork over money, they could have guided them to the alternatives.

−1